2.1.25 login based pages not working with uwsgi
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman | Fix Released | Low | Mark Sapiro | | |
Bug Description
Mailman 2.1.25's login based pages (private archives, admin page, etc.) don't work with uwsgi (uwsgi times out printing an "invalid CGI response !!!" error).
Downgrading to 2.1.24 fixes this issue (I can again log in and uwsgi doesn't reply with the "invalid CGI response !!!" message).
I'm on Arch Linux trying to use mailman 2.1.25 with uwsgi 2.0.15 through nginx 1.12.2.
I've also opened a downstream bug there [1].
For completeness I will attach the same log files as in the aforementioned bug report.
The uwsgi configuration in use for mailman is pretty straightforward:
``
[uwsgi]
procname-master = mailman
master = true
plugins = cgi
socket = /run/uwsgi/%n.sock
stats = /run/uwsgi/
processes = 1
threads = 2
cheaper-step = 1
idle = 120
die-on-idle = true
uid = http
gid = http
cgi = /=/usr/
cgi-index = listinfo
``
Nginx fronts the application server and redirects to a unix socket, which in turn starts a systemd service. More info on the setup can be found on my website [2].
``
[Unit]
Description=uWSGI service unit
After=syslog.target
[Service]
ExecStart=
Type=notify
SuccessExitStat
StandardError=
NotifyAccess=all
KillSignal=SIGQUIT
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ReadWriteDirect
ProtectHome=yes
[Install]
WantedBy=
``
``
[Unit]
Description=Socket for uWSGI %I
[Socket]
ListenStream=
[Install]
WantedBy=
``
[1] https:/
[2] https:/
Changed in mailman: status: In Progress → Fix Committed
Changed in mailman: status: Fix Committed → Fix Released
I am not familiar with uwsgi, so I really don't understand what's going on, but what I can tell you is between Mailman 2.1.24 and Mailman 2.1.25 there were no changes in Mailman/SecurityManager.py or Mailman/Cgi/Auth.py, which are the modules that have to do with logging in and passwords. The only change in Mailman/Cgi/private.py changed getting the username and password from
username = cgidata.getvalue('username', '')
password = cgidata.getvalue('password', '')
to
username = cgidata.getfirst('username', '')
password = cgidata.getfirst('password', '')
There were similar changes amongst others in Mailman/Cgi/admin.py and Mailman/Cgi/admindb.py
In the above, cgidata is an instance of the Python standard library cgi.FieldStorage class. See https://docs.python.org/2/library/cgi.html#higher-level-interface - the difference is getvalue() can return a string or a list depending on whether the post data contains a single or multiple settings for the variable. getfirst always returns a single value, never a list.
However, this all occurs in handling the CGI input passed to the invoked process so it's hard to see how this would produce what you are seeing. As far as output from the CGI is concerned, there should be no change at all to that from 'private'. 'admin' and 'admindb' do have some changes in CSS to support enhanced accessibility for visually impaired users, but nothing else.
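The getvalue()/getfirst() difference described in the comment above, as an added Python 3 example that is not part of the bug report or of Mailman's code. The helper names `parse_post` and `login_fields` and the sample POST bodies are constructed for illustration; where the standard-library `cgi` module is unavailable (it was removed in Python 3.13), a small stand-in with the same two accessors is used instead.

```python
import io
import warnings
from urllib.parse import parse_qs

try:
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        import cgi  # deprecated since 3.11, removed in Python 3.13
except ImportError:
    cgi = None


class _Shim:
    """Stand-in (assumption) mirroring FieldStorage.getvalue/getfirst."""

    def __init__(self, body):
        self._fields = parse_qs(body)

    def getvalue(self, key, default=None):
        vals = self._fields.get(key)
        if not vals:
            return default
        return vals[0] if len(vals) == 1 else vals  # list when repeated

    def getfirst(self, key, default=None):
        vals = self._fields.get(key)
        return vals[0] if vals else default  # always a single value


def parse_post(body):
    """Parse a urlencoded POST body the way a CGI script receives it."""
    if cgi is None:
        return _Shim(body)
    raw = body.encode("ascii")
    env = {"REQUEST_METHOD": "POST",
           "CONTENT_TYPE": "application/x-www-form-urlencoded",
           "CONTENT_LENGTH": str(len(raw))}
    return cgi.FieldStorage(fp=io.BytesIO(raw), environ=env)


def login_fields(cgidata, accessor):
    """Read username/password via 'getvalue' (2.1.24) or 'getfirst' (2.1.25)."""
    get = getattr(cgidata, accessor)
    return get("username", ""), get("password", "")


# Constructed sample bodies: one normal, one with 'username' sent twice.
NORMAL = "username=alice%40example.com&password=secret"
DOUBLED = "username=alice%40example.com&username=bob%40example.com&password=secret"

if __name__ == "__main__":
    for body in (NORMAL, DOUBLED):
        data = parse_post(body)
        for accessor in ("getvalue", "getfirst"):
            print(accessor, login_fields(data, accessor))
```

For a single-valued field both accessors return the same string, so an ordinary login form submits identically under either version; only a repeated field makes getvalue() hand a list to code that expects a string.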